Stories

CVE-2008-4210

463661:
CVE-2008-4210 kernel: open() call allows setgid bit when user is not in new file's group

The MITRE CVE dictionary describes this issue as:

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.